From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 29875 invoked from network); 22 Jan 2021 18:46:45 -0000 Received: from 1ess.inri.net (216.126.196.35) by inbox.vuxu.org with ESMTPUTF8; 22 Jan 2021 18:46:45 -0000 Received: from 5ess.inri.net ([107.191.111.177]) by 1ess; Fri Jan 22 13:19:33 -0500 2021 Received: from [127.0.0.1] ([104.59.85.219]) by 5ess; Fri Jan 22 13:19:30 -0500 2021 Date: Fri, 22 Jan 2021 13:19:28 -0500 From: Stanley Lieber To: 9front@9front.org In-Reply-To: References: <711bec9a-10ff-485b-a3f6-1f8ece8e9344@sirjofri.de> <51CA2B17-9324-4D5E-957D-7BFB7FDF7892@stanleylieber.com> <77DF150E-1F8B-4D9E-B143-1DAC71BF2915@stanleylieber.com> Message-ID: <8C059856-AA16-491A-8A48-0B049A13DCFF@stanleylieber.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: scale-out stateless JSON service base-scale callback CMS layer Subject: [9front] =?US-ASCII?Q?Re=3A_=5B9front=5D_Re=3A_=5B9front=5D_Re=3A?= =?US-ASCII?Q?_=5B9front=5D_fqa_7=2E3=2E3=2E1_-_Stop_c?= =?US-ASCII?Q?wfs_from_allowing_user_none_to_attach_without_authentication?= Reply-To: 9front@9front.org Precedence: bulk On January 22, 2021 12:04:35 PM EST, hiro <23hiro@gmail=2Ecom> wrote: >yep, it's very unusual=2E > >out of their view perhaps less so: why did you give the address a >public ip address if you didn't want the world to access it? > >but i agree of course we need a proper guideline now how to secure a >system at least a minimal extent=2E=2E=2E > >otoh, instead of a guideline, perhaps it's better to change the >defaults=2E if all the /rc/bin/service* stuff starts by default, it has >to be guaranteed that it's safe by default, IMO=2E > >On 1/22/21, Stanley Lieber wrote: >> On January 22, 2021 11:07:22 AM EST, hiro <23hiro@gmail=2Ecom> wrote: >>>> they can read any world readable file on the system >>> >>>sounds like it works as intended, thus the word world=2E >>> >>>to reject world access without the nonone (which sounds like a hack) >>>on our default installed fileservers requires some configuration >>>changes as it clearly isn't the default on unix and never was=2E >>> >>>unless there are cases where you cannot just revoke world access by >>>changing those permissions on the filesystem, i would say there is no >>>problem=2E >>> >>>you can never change permissions inside the '#' devices, so there >>>might be multiple problems hidden there=2E >>> >>>do i understand correctly that #p access is always a problem? it would >>>be good to make a list=2E >>> >>>On 1/22/21, Stanley Lieber wrote: >>>> On January 22, 2021 1:27:48 AM EST, sirjofri >>>> wrote: >>>>>Hello sl, >>>>> >>>>>22=2E01=2E2021 03:39:18 sl@stanleylieber=2Ecom: >>>>>> echo nonone >>/srv/cwfs=2Ecmd >>>>> >>>>>Is there some good reason why/when I should do this? How does none >>>>>authenticate? >>>>> >>>>>Does this just disable all anonymous access to the fileserver, like w= eb >>>>>servers? >>>>> >>>>>sirjofri >>>>> >>>> >>>> my understanding is when you enable cwfs network listener user none i= s >>>> allowed to attach over the network by default, no authentication >>>> required=2E >>>> this means they can read any world readable file on the system=2E >>>> >>>> as far as i can tell nonone is undocumented, but it's in the source= =2E >>>> you'd >>>> want to use nonone at boot time (in cpurc, for example)=2E >>>> >>>> i had this in my own cpurc on my ancient cwfs system, iirc it was cin= ap >>>> who >>>> told me to do it=2E somehow i failed to add this to the fqa until now= =2E >>>> >>>> sl >>>> >>> >> >> the surprise gotcha is that by default anyone at all can attach to your= fs >> without explicit permission=2E "world readable" is understood to mean a= nyone >> on the system=2E it wasn't expected that the world has access to the sy= stem=2E >> >> sl >> > yes=2E we did disable more listeners than labs had by default=2E i have no= idea why nonone was never changed=2E sl